There are a few cases which we have seen that result in new security roles which are fairly similar across our clients. We've outlined these below.
The Individual Security Role
This role grants one user access to perform certain functions for another specific user. The supported permissions for an Individual security role are:
- Manage Data: Proxy
- Run Ad Hoc Reports
- Run Custom Reports
- Change Your Password
To request this type of security role, submit a General work request. Unless you specify otherwise, this role will be set up with the Manage Data: Proxy permission and Run Custom Reports with access to the same reports as the Faculty security role.
College or Department Proxy Security Role
- Manage Data: Proxy
- Run Ad Hoc Reports
- Run Custom Reports
- Change Your Password
Department Users and Security
We have often found ourselves creating security roles at the Department level, with just the Users and Security permission. To understand why this type of role would be used, we need to first explain how Faculty Success handles College and Department values in a University instrument. Ultimately, unless you customize this - which we don't recommend - we maintain college and department lists independently. The association between these two values comes through the users assigned to each college and department. To restate this, the association is only in your data - it is not between the fields, or the values themselves.
This means that assigning a user to a college-level role gives them access to all the permissions within the role for the college selected. The departments which reside within that college are not handled or included as part of this role.
In most cases, this works exactly as you need it to. Since you are using Manage Data for a college's users, or running reports on a specific college - and drilling down based on the users' department assignments, you don't notice that you don't have permissions for specific departments. Where this does become an issue, however, is in Users and Security itself. With a college-level security role, you can assign the following scopes of security roles:
- College
- Self
- Individual
Department is conspicuously missing from this list. In order to assign department-level security roles, a user needs to have Users and Security for the department(s) they should be able to assign. In order to meet this need, we create Department Users and Security roles with just the Users and Security permission.
If you have added fields which we've configured to be available as a scope for security roles, you may need additional Users and Security only roles. To put these in place, simply submit a General work request identifying the scope at which the role should be created.